Bug 10635 - Office365 Password Sync
Office365 Password Sync
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes
4.1.7
x64 Linux
: P5 major
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-05-27 13:58 UTC by Michael Schobel-Thoma
Modified: 2016-09-20 09:50 UTC (History)
4 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Schobel-Thoma 2014-05-27 13:58:53 UTC
OS: Ubuntu 14.04 - MS Azure Password Sync to Office 365.

When I start the sync in samba log appears a kerberos WRONG PARAM Error and Azure is logging the following:

Password synchronization failed for domain: domain.com. Details: 
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: domain.com. Error: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsCommunicationException: RPC Error 1728 : A remote procedure call (RPC) protocol error occurred. Error creating DRS context handle.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.DrsBind(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle, _GUID sourceDsaGuid, _DRS_EXTENSIONS_INT* clientExtensions, _DRS_EXTENSIONS** serverExtensions, RpcBindingSecurityCallbackHandler securityCallback)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.<>c__DisplayClass1.<ExecuteWithRetry>b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry(Action operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: domain.com. Error: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsCommunicationException: RPC Error 1728 : A remote procedure call (RPC) protocol error occurred. Error creating DRS context handle.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.DrsBind(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle, _GUID sourceDsaGuid, _DRS_EXTENSIONS_INT* clientExtensions, _DRS_EXTENSIONS** serverExtensions, RpcBindingSecurityCallbackHandler securityCallback)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.<>c__DisplayClass1.<ExecuteWithRetry>b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry(Action operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
  at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: domain.com. Error: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsCommunicationException: RPC Error 1728 : A remote procedure call (RPC) protocol error occurred. Error creating DRS context handle.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.DrsBind(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle, _GUID sourceDsaGuid, _DRS_EXTENSIONS_INT* clientExtensions, _DRS_EXTENSIONS** serverExtensions, RpcBindingSecurityCallbackHandler securityCallback)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.<>c__DisplayClass1.<ExecuteWithRetry>b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry(Action operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
Comment 1 Tommie Van Mechgelen 2015-05-05 14:59:49 UTC
Hi,

I am experiencing the same problem when using DirSync with Azure/Office 365.  I am currently running Samba 4.2.1 compiled from source.

Are we missing some RPC calls to have this working in Samba?

Password synchronization failed for domain: domain.com. Details: 
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: domain.com. Error: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 1727 : The remote procedure call failed and did not execute. Error creating DRS context handle.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.DrsBind(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle, _GUID sourceDsaGuid, _DRS_EXTENSIONS_INT* clientExtensions, _DRS_EXTENSIONS** serverExtensions, RpcBindingSecurityCallbackHandler securityCallback)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.<>c__DisplayClass1.<ExecuteWithRetry>b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: domain.com. Error: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 1727 : The remote procedure call failed and did not execute. Error creating DRS context handle.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.DrsBind(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle, _GUID sourceDsaGuid, _DRS_EXTENSIONS_INT* clientExtensions, _DRS_EXTENSIONS** serverExtensions, RpcBindingSecurityCallbackHandler securityCallback)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.<>c__DisplayClass1.<ExecuteWithRetry>b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: domain.com. Error: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 1727 : The remote procedure call failed and did not execute. Error creating DRS context handle.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.DrsBind(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle, _GUID sourceDsaGuid, _DRS_EXTENSIONS_INT* clientExtensions, _DRS_EXTENSIONS** serverExtensions, RpcBindingSecurityCallbackHandler securityCallback)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.<>c__DisplayClass1.<ExecuteWithRetry>b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
.
Comment 2 tf 2016-03-22 14:47:21 UTC
Same problem with a uptodate samba on a archlinux box.

What is needed to get ad azure sync working on samba?

Best regard

Torsten Fohrer
Comment 3 Alex MacCuish 2016-09-03 10:40:51 UTC
The new AAD Connect gives me the following error:

Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Recovery task failed. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8420 : The naming context could not be found. There was an error calling _IDL_DRSGetNCChanges.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.OnReplicateSingleObject(DsName directoryName)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.ReplicateSingleObject(Guid objectGuid, String distinguishedName)
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.<>c__DisplayClass9.<RetrieveObjectChangesFromAD>b__3(IDrsConnection c)
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.RetrieveObjectChangesFromAD(List`1 retryObjects)
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Recovery task failed. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8420 : The naming context could not be found. There was an error calling _IDL_DRSGetNCChanges.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.OnReplicateSingleObject(DsName directoryName)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.ReplicateSingleObject(Guid objectGuid, String distinguishedName)
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.<>c__DisplayClass9.<RetrieveObjectChangesFromAD>b__3(IDrsConnection c)
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.RetrieveObjectChangesFromAD(List`1 retryObjects)
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
.
Comment 4 Andrew Bartlett 2016-09-03 10:43:03 UTC
Please retry with Samba 4.5, as we fixed ReplicateSingleObject for that release.
Comment 5 Michal Dejmek 2016-09-20 09:50:38 UTC
The same bug in version 4.5.0.